Rivano · Security

# Security

Last updated: April 27, 2026

## Compliance status

| Framework | Rivano AI status |
|---|---|
| SOC 2 Type II | In progress. Update this page when an auditor is engaged. |
| HIPAA | HIPAA-ready architecture. BAA available on Enterprise tier. |
| GDPR | Sub-processor list and DPA published. EU SCCs incorporated. |
| CCPA | Privacy rights honored per [Privacy Policy](/legal/privacy). |
| ISO 27001 | Not pursued at this writing. |

For full processor obligations, see [/legal/dpa](/legal/dpa). For the current sub-processor list, see [/legal/sub-processors](/legal/sub-processors).

## Agent-protocol governance

Rivano governs both **MCP** and **A2A** agent traffic. The same gateway process enforces:

| Surface | What it enforces |
|---|---|
| `POST /mcp/:server` | Tool allowlist + RBAC, tool input schema pin, rate limits, PII + injection detection on request |
| `POST /a2a/:agent` | Skill allowlist + RBAC, skill schema + agent-card pin, rate limits, PII + injection detection on request |
| Dashboard overlay | Approval state (`pending` / `approved` / `rejected`) and per-skill role assignments — fetched on a 60s policy pull, applied at gateway request time |
| Audit feed | Every allow/deny lands in `mcp_decisions` or `a2a_decisions` and surfaces in the dashboard within 5 seconds |

Bulk approval is capped at 100 ids per call to prevent accidental cross-tenant approvals. The control plane refuses bulk DELETE without at least one filter parameter.

For the full deny-code reference, see [/docs/gateway/mcp](/docs/gateway/mcp#deny-responses) and [/docs/gateway/a2a](/docs/gateway/a2a#deny-responses).

## Encryption

| At rest | In transit |
|---|---|
| AES-256 in Cloud SQL (Google-managed keys; Customer-Managed Encryption Keys available on Enterprise tier) | TLS 1.2+ enforced gateway-side |
| Customer-supplied tokens stored under a separate `PROVIDER_ENCRYPTION_KEY` (HKDF, never JWT_SECRET reuse) | mTLS optional for the self-hosted gateway — see [/docs/gateway/mtls](/docs/gateway/mtls) |
| Backups in `us-east1`, same encryption posture | ACME-managed certificate auto-renewal — see [/docs/gateway/https](/docs/gateway/https) |

## Multi-tenant isolation

All multi-tenant tables enforce `FORCE ROW LEVEL SECURITY`. The `app.current_tenant_id` GUC is set per database connection and every read or write is filtered against it. The control plane refuses to run a write outside a `withTenant(pool, tenantId, fn)` boundary.

## Authentication

- **Dashboard sign-in:** OIDC via Zitadel. Sessions are httpOnly + SameSite=Strict cookies. CSRF tokens validated on mutating requests.
- **Programmatic access:** API keys generated in the dashboard, scoped per project. Keys can be rotated at any time.
- **Self-hosted gateway:** API keys for upstream LLM providers stored in `rivano.yaml` or as `${ENV_VAR}` references. Optional mTLS to require client certificates from agent callers.

## Vulnerability disclosure

Please email **[email protected]** with vulnerabilities. We acknowledge within 24 hours and aim to publish a fix within 90 days, depending on severity. Coordinated disclosure encouraged.

## Incident response

For BAA-relevant incidents under HIPAA §164.308(a)(6), Rivano maintains an internal incident response runbook covering identification, containment, notification, recovery, and post-incident review. The runbook is available to Enterprise customers under NDA — request via [email protected]. Customer-impacting incidents are notified within 72 hours of confirmation.

## Contact

**Security disclosures:** [email protected]

**Sales / compliance docs request:** [email protected]
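
The isolation scheme described under "Multi-tenant isolation" above, sketched for PostgreSQL as an added example; it is not Rivano's schema or code. The table `demo_agent_keys`, the policy name, the tenant ids and the transaction-local use of `set_config` are assumptions made for illustration.

```sql
-- Added example for PostgreSQL. Table, policy and tenant ids are constructed.
CREATE TABLE demo_agent_keys (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    label     text NOT NULL
);

-- ENABLE alone leaves the table owner exempt from policies;
-- FORCE makes the owner subject to them as well.
ALTER TABLE demo_agent_keys ENABLE ROW LEVEL SECURITY;
ALTER TABLE demo_agent_keys FORCE ROW LEVEL SECURITY;

-- current_setting(name, true) yields NULL when the GUC was never set, and a
-- custom GUC can read back as '' after a transaction-local value expires.
-- NULLIF maps both cases to NULL, so the comparison is never true and a
-- connection with no tenant bound matches no rows instead of raising a cast error.
CREATE POLICY tenant_isolation ON demo_agent_keys
    USING      (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.current_tenant_id', true), '')::uuid);

-- Tenant-scoped unit of work. The third argument (is_local = true) limits the
-- setting to this transaction, so a pooled connection does not carry the
-- tenant id over to its next user.
BEGIN;
SELECT set_config('app.current_tenant_id',
                  '11111111-1111-1111-1111-111111111111', true);

-- Same-tenant write: satisfies WITH CHECK.
INSERT INTO demo_agent_keys (tenant_id, label)
VALUES ('11111111-1111-1111-1111-111111111111', 'ci-runner');

-- Reads are filtered by USING: only rows of the bound tenant are visible.
SELECT id, label FROM demo_agent_keys;
COMMIT;

-- Cross-tenant write: the row's tenant_id differs from the bound tenant, so
-- WITH CHECK rejects it and the transaction is rolled back.
BEGIN;
SELECT set_config('app.current_tenant_id',
                  '11111111-1111-1111-1111-111111111111', true);
INSERT INTO demo_agent_keys (tenant_id, label)
VALUES ('22222222-2222-2222-2222-222222222222', 'other-tenant');
ROLLBACK;

-- No tenant bound: the policy predicate is NULL, so no rows are visible.
SELECT count(*) FROM demo_agent_keys;
```

Run it as a non-superuser role without `BYPASSRLS`; superusers and `BYPASSRLS` roles skip row security even when `FORCE` is set.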